Add comment

My client has only provided an sha384RSA 2048 certificate with pkcs padding(.cer). They say it should be used for encryption in HCI as a MLS. Also they asked to used Base 64 encoding after the encryption is done.

They have not provided any public key or anything apart from that.

So for TLS i downloaded the public certificates from their website and that works fine.

Also i used keystore explorer to add this .cer to newly created java keystore and added to my HCI keystore

Alert Moderator

Add comment

As per the blog there is no restriction to use the existing system.jks keystore . You can create your own keystore as well

To add the root certificate of the receiver systems private key, open an existing keystore in Keystore Explorer or create a new keystore. Easiest is to just create a new one, select JCEKS as type for the new keystore.

I am not sure if HTTP has inbuild MLS feature, if not then have to go for script .

And the private key for your tenant would be usually sent in the initial mail from SAP with your tenant/management/runtime URL , however, you can create a new pair as well . link

You need to use the .cer file provided by your 3rd party in the Public key alias of PKCS7 encryptor. And to upload this .cer file to keystore, you need to create a .jks file. You can use the system.jks file if you know the password of it, else create a new .jks file and upload it to HCI keystore.

You can use keystore explorer to add the .cer file. Once uploaded use the alias of .cer file in PKCS7 encryptor.